Implements https://trello.com/c/bEMQtVjz - API/UI changes to support su username/password. Adds force_handlers, skip_tasks and start_at_task options to jobs, only exposed via API.

2026-03-19 18:07:33 -02:30 · 2014-09-11 17:34:31 -04:00
parent 87ed378f6b
commit e427234aec
12 changed files with 809 additions and 82 deletions
--- a/awx/main/models/credential.py
+++ b/awx/main/models/credential.py
@@ -39,7 +39,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique):
    ]

    PASSWORD_FIELDS = ('password', 'ssh_key_data', 'ssh_key_unlock',
-                       'sudo_password', 'vault_password')
+                       'sudo_password', 'su_password', 'vault_password')

    class Meta:
        app_label = 'main'
@@ -126,6 +126,18 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique):
        default='',
        help_text=_('Sudo password (or "ASK" to prompt the user).'),
    )
+    su_username = models.CharField(
+        max_length=1024,
+        blank=True,
+        default='',
+        help_text=_('Su username for a job using this credential.'),
+    )
+    su_password = models.CharField(
+        max_length=1024,
+        blank=True,
+        default='',
+        help_text=_('Su password (or "ASK" to prompt the user).'),
+    )
    vault_password = models.CharField(
        max_length=1024,
        blank=True,
@@ -155,6 +167,10 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique):
    def needs_sudo_password(self):
        return self.kind == 'ssh' and self.sudo_password == 'ASK'

+    @property
+    def needs_su_password(self):
+        return self.kind == 'ssh' and self.su_password == 'ASK'
+
    @property
    def needs_vault_password(self):
        return self.kind == 'ssh' and self.vault_password == 'ASK'
@@ -162,7 +178,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique):
    @property
    def passwords_needed(self):
        needed = []
-        for field in ('password', 'sudo_password', 'ssh_key_unlock', 'vault_password'):
+        for field in ('password', 'sudo_password', 'su_password', 'ssh_key_unlock', 'vault_password'):
            if getattr(self, 'needs_%s' % field):
                needed.append(field)
        return needed
@@ -308,6 +324,8 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique):
    def clean(self):
        if self.user and self.team:
            raise ValidationError('Credential cannot be assigned to both a user and team')
+        if (self.sudo_username or self.sudo_password) and (self.su_username or self.su_password):
+            raise ValidationError('Credential cannot specify both sudo username/password and su username/password')

    def _validate_unique_together_with_null(self, unique_check, exclude=None):
        # Based on existing Django model validation code, except it doesn't